Is your data governance fit for the new data landscape?

Is your data governance fit for the new data landscape?

Our research shows that few retailers have thought much about GDPR beyond ensuring compliance. There’s no fault in that: the cost of non-compliance could be significant. But now that the initial GDPR hurdle has been overcome, where do we go from here?

Whether sticking to tried and trusted approaches, or embracing regulatory changes as a catalyst for developing innovative data-driven solutions, whichever route a retailer chooses, there remains the fundamental need to reassure customers that their data is secure, and to do that you need a defined and cohesive data governance strategy and structure.

What does best practice look like?

GDPR doesn’t teach you how to manage data effectively. What it does is simply enforce the sort of good practices that every organisation which handles customer data should be following in any case.

Any data governance structure should be founded on the central pillars of definition, communication and accessibility. That might sound obvious but it’s really about the detail. For example, every aspect of your approach should be documented. So everyone involved will know what constitutes data, what the rules are around data retention, where ownership and responsibilities lie, how security, testing and maintenance will be managed.

If your intention is to create a positive data culture in your organisation, and treat data as a brand asset, then effective communication will play an important role. Is there a training need? Does it involve organisational change? Effective data governance is likely to involve buy-in across many different parts of a business; it’s not just a ‘thing that IT does’. Data usage should be built in to every project and process. Developing that positive data culture will only come through good communication.

Access isn’t just about allowing customers see what data you hold about them. It also concerns how people in your own organisation can use customer data. They might need this for a host of reasons, such as providing customer service, answering queries or looking for trends. How will your ability to interrogate data support your business and business development? Clearly security around access is also a key issue.

Your data governance best practice checklist

This is an overview rather than a detailed guide. Treat it as a broad template against which you can gauge your own approach.

Data governance structure: do you have one?

As a starting point, you need to establish a data governance framework. This involves having a set of systems in place around gathering, storing, processing and using data. It might also highlight the need for specific new roles or functions, or identify a skills gap. Accountability is important, especially as you have data obligations to customers, clients, suppliers and regulatory bodies. And it will need a group, or groups, to oversee all of this activity. How often do they meet? Does the creation of a process uncover further data governance roles and issues?

Policies, processes and standards

These need to be in place to define and manage customer data privacy, compliance, security, data classifications, training and awareness. They should also cover usage of data. These might involve:

Regular database vulnerability tests — and how the results are shared, and improvements acted on

Technologies — used to organise and access data

Data and technology roadmaps — that define the business value of data

Cross-system scorecards — and automated KPI

How often will these policies be reviewed, who are the stakeholders, and where does the responsibility for this lie?

Know your data

If you’ve been gathering data for years, and using different approaches to collect, store and manage it, getting a handle on exactly what you have could be tricky. Effective data governance means knowing what you have across the organisation — its lineage, usage and how it’s made accessible across the business. Remember, this could also apply to data temporarily held by your organisation, for example, when you’re involved in a campaign with a third party.

Managing trusted data

Your processes should contain guidance on how data is made available to fulfil business and regulatory needs. There might be rules around data quality, integrity, availability and retention, and there should be KPIs that measure their effectiveness and your compliance with regulatory standard and your company’s internal standards. And metadata has a role to play here in establishing and maintaining data accuracy, and ensuring that data lineage is easy to identify.

Increased customer trust is just one benefit of a robust data governance structure. But the real game changer for some organisations post-GDPR will be using data to develop better, customer-centric, solutions, and using the learnings from data to identify clearer routes to business growth. A good data governance is pivotal to making this a reality.